{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e6b93c6-6f92-515a-9eb3-f2705387f788", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3825c9da-e38e-5798-98df-45e8efaeed50", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6f0a7d85-953d-5669-8ecf-e3fbc3bc00f8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e4619f82-257b-5f87-bc61-55ab99f6a714", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7a953d0-23b7-5fbb-b0e8-a38cdb854284", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d8e68599-9208-5c93-8836-63074aff2942", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ab02b894-1282-5592-adc2-13570097f9f2", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cdd33de9-1478-5128-a5f3-8d9b2df7298f", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:263fa713-15e7-5332-96ed-07f83144e928", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ada74576-8403-52fa-9e06-d9a9456ee727", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8e3a5a38-43bf-517a-84d2-85071127d304", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dfbc5ded-d327-523c-9b0f-23ab34ee4f4d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fcec453f-2c18-5b15-b905-2fcabb9e003b", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:482ccc5b-dd95-54ed-bfef-c27aa6437d6f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:028083e4-e87d-521e-9fa2-b79f217345f8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:be1ef88b-c292-5f54-bd0a-c27403b5a5d4", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:42916b89-a04b-51f1-9717-45a93e1a0c78", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5f0c63c2-b308-51f2-bee0-ca72b71d9085", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b028155c-8fab-5f05-8981-4c42513c1702", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:09e16b6c-c242-5121-a658-e33f8f7141da", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b7ac971b-dfc2-5dd3-a537-ec945996950a", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e3d8852c-0606-56d6-b871-6f257f3512e9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2b661167-6b1d-5472-9ee4-2f752d356296", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:156d00d0-330e-548b-a5df-b2e384376fdc", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4f6c3734-5e31-5115-8aa2-fce301b20d85", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b7cab66c-9313-534b-8f94-116480d4f5ac", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7d6e1fc-2b57-5123-9d93-94d70deddddb", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a96d2115-ae95-500a-8002-eb9dc3d7b31f", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d6bdd4b1-3e7a-5df2-81c7-175d80b2c487", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:818dff6b-fdba-5556-8809-9ec04191bfd4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0f4273d5-406e-5075-ac5a-0c0ae479011f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:72a0cace-36f0-57dc-b9e5-c52802f6096e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:69477d51-9f46-5773-b841-2065f242fd49", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8590a76f-0cbe-5e03-a914-b7a8f2c28a79", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1bf42dcf-ed30-549b-a3d1-0920284b0139", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0a1281e2-33ed-50d5-b0a2-bcd0d59ecdf3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f8f98c3d-62ed-5aa7-9f0b-c50b15fcf3b6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:032a231e-cbb9-50ea-8292-bbd311e63835", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31-tuxcare.5" } ] }